You've already forked vsmartcard
mirror of
https://github.com/librekeys/vsmartcard.git
synced 2026-04-14 08:46:17 -07:00
22edc2a228
As the PyCrypto website says [1]: > PyCrypto 2.x is unmaintained, obsolete, and contains security > vulnerabilities. Therefore, switch to PyCryptodome, a maintained PyCrypto fork which is listed there as the recommended alternative for existing software that depends on PyCrypto. Notes on the port: 1) As the PyCryptodome introduction documentation [2] says, there are 2 alternative projects/namespaces that can be used: * pycryptodome, which uses the `Crypto` package that PyCrypto also uses, so is almost a drop-in replacement for Pycrypto * pycryptodomex, which uses the `Cryptodome` package It also mentions that the use of pycryptodome "is therefore recommended only when you are sure that the whole application is deployed in a virtualenv". Since it isn't sure that the application is deployed in a virtualenv, to make it more explicit that PyCryptodome is being used and because Linux distros like Debian package the `Cryptodome` package [3], the port is done to the `pycryptodomex` library that uses the `Cryptodome` package name. 2) As the "Compatibility with PyCrypto" page in the PyCryptodome doc [4] says: > The following packages, modules and functions have been removed: > > * Crypto.Random.OSRNG, Crypto.Util.winrandom and Crypto.Random.randpool. > You should use Crypto.Random only. The `PublicKey.RSA.generate` method already uses `Crypto.Random.get_random_bytes()` as default [5], so just drop the second parameter using `RandomPool.getBytes` in `virtualsmartcard/src/vpicc/virtualsmartcard/cards/cryptoflex.py`. [1] https://www.pycrypto.org/ [2] https://www.pycryptodome.org/src/introduction [3] https://packages.debian.org/bullseye/python3-pycryptodome [4] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html [5] https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html